Ejemplo n.º 1
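/**
 * Delete a note and record the deletion in the event log.
 *
 * The owning user id is read first so it can be written to the log entry.
 * When no row matches the id, nothing is deleted and nothing is logged.
 *
 * NOTE(review): no ownership or permission check is visible in this function;
 * any caller that can supply a note id can delete that note. Confirm that the
 * caller enforces authorization before this is reached.
 *
 * @param mixed $noteid Id of the note to delete (notes.id).
 */
function delete_note($noteid)
{
    $db = new DbConn();
    // Bind the id to the placeholder. The original call passed the query with a
    // `?` but no value for it, so the lookup could not select the intended row.
    // Assumes fetch() accepts bound values the same way exec() does -- confirm.
    $result = $db->fetch('select userid from notes where id = ?', $noteid);
    if ($result) {
        $db->exec('delete from notes where id = ?', $noteid);
        log_event(LOG_NOTE_DELETED, $result->userid, $noteid);
    }
}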
Ejemplo n.º 2
/**
 * Append one row to the event_log table.
 *
 * The acting administrator is taken from the CodeIgniter `admin` library; the
 * caller supplies the message id, the affected user and an optional state value.
 *
 * @param mixed $messageId Value written to event_log.messageid.
 * @param mixed $userId    Affected user; any falsy value is passed on as NULL.
 * @param mixed $state     Optional value written to event_log.state.
 */
function log_event($messageId, $userId, $state = NULL)
{
    $CI =& get_instance();
    $CI->load->library('admin');

    // Falsy ids (0, '', false, null) are passed to the insert as NULL.
    $actingAdmin = $CI->admin->id() ?: NULL;
    $subjectUser = $userId ?: NULL;

    $conn = new DbConn();
    $conn->exec(
        'insert into event_log (messageid, userid, adminid, state) values (?, ?, ?, ?)',
        $messageId,
        $subjectUser,
        $actingAdmin,
        $state
    );
}
Ejemplo n.º 3
 /**
  * Send every scheduled mail whose due time has passed and remove it from
  * the mails_scheduled queue.
  *
  * Rows whose template cannot be loaded are skipped and stay in the queue.
  *
  * NOTE(review): nothing in this method limits who can trigger the send loop.
  * If this is a web-routable controller action, confirm it is restricted
  * (CLI-only or authenticated) elsewhere.
  */
 function index()
 {
     $this->load->helper('mail');
     $conn = new DbConn();
     $due = $conn->query('select * from mails_scheduled where due <= NOW()');
     while ($row = $due->next()) {
         $recipientId = $row->userid;
         $templateId = $row->mailid;
         $template = get_mail_template($templateId, false);
         if ($template) {
             send_user_mail($template, $recipientId);
             // Only a row that was actually handed to the mailer is dequeued.
             $conn->exec('delete from mails_scheduled where id = ?', $row->id);
         }
     }
 }
Ejemplo n.º 4
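 /**
  * Authenticate an administrator and set the admin_id / admin_token cookies.
  *
  * NOTE(review): the credential check is `password = ?` inside SQL, so the
  * admins.password column must hold exactly what the caller passes in. If that
  * is the raw password, it is stored in recoverable form; moving to
  * password_hash()/password_verify() needs a data migration outside this method.
  *
  * NOTE(review): once a token exists it is reused for every later login and is
  * never rotated here, so a disclosed admin_token cookie stays valid until the
  * column is cleared elsewhere. Confirm there is a logout/rotation path.
  *
  * NOTE(review): whether the cookies carry the Secure/HttpOnly flags depends on
  * set_cookie() and its configuration, which are not visible here -- confirm.
  *
  * @param string $username Admin e-mail address.
  * @param string $password Password value matched against admins.password.
  * @param mixed  $persist  Truthy for a 157784630-second cookie lifetime,
  *                         otherwise the expiry is passed as 0.
  * @return bool TRUE on success, FALSE unless exactly one admin row matches.
  */
 function login($username, $password, $persist)
 {
     $db = new DbConn();
     $result = $db->query('select * from admins where email = ? and password = ?', $username, $password);
     if ($result->length != 1) {
         return FALSE;
     }
     $admin = $result->next();
     $id = $admin->id;
     if (!$admin->token) {
         // uniqid() is derived from the current time, so md5(uniqid()) is a
         // guessable bearer token. Draw it from the CSPRNG instead; the result
         // keeps the same shape (32 hex characters). Requires PHP 7+.
         $token = bin2hex(random_bytes(16));
         $db->exec('update admins set token = ? where email = ? and password = ?', $token, $username, $password);
     } else {
         $token = $admin->token;
     }
     $expire = $persist ? 157784630 : 0;
     set_cookie('admin_id', $id, $expire);
     set_cookie('admin_token', $token, $expire);
     return TRUE;
 }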
Ejemplo n.º 5
<?php

require_once 'common.inc';
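// Save a new version of a mail template. When no template id is posted, a
// fresh mail_templates row is created first and the version is attached to it.
//
// NOTE(review): no authentication or CSRF check is visible in this script;
// confirm that common.inc enforces both before any of this runs.
// NOTE(review): the posted HTML body is stored as-is. Anything that later
// renders it in a browser must treat it as untrusted markup.

// Normalise the id to an integer once. The original cast it only for the
// insert and then interpolated the raw POST value into the redirect URL, which
// let arbitrary request text flow into the Location target.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$subject = isset($_POST['subject']) ? $_POST['subject'] : NULL;
$htmlbody = isset($_POST['htmlbody']) ? $_POST['htmlbody'] : NULL;
$textbody = html_to_plaintext($htmlbody);
$db = new DbConn();
if (!$id) {
    # New template
    $db->exec('insert into mail_templates () values ()');
    $id = (int) $db->last_insert_id();
}
$rows = $db->exec('insert into mail_template_versions (templateid, subject, html, plaintext) values (?, ?, ?, ?)', $id, $subject, $htmlbody, $textbody);
if ($rows != 1) {
    throw new RuntimeException("Insertion failed!");
}
// $id is an integer at this point, so it is safe to place in the query string.
redirect("list.php?highlight={$id}");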
Ejemplo n.º 6
require_once 'common.inc';
require_once "{$base}/lib/EmailAddressValidator.php";
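// Self-registration: validate the posted fields, create the user row and log
// the new user in by storing the id in the session.
//
// NOTE(review): the password is inserted into users.password exactly as
// submitted. Storing it with password_hash() and checking with
// password_verify() is the fix, but it has to be made together with the login
// path and existing rows, which are not visible here.
// NOTE(review): trim() silently strips leading/trailing whitespace from the
// password, so the stored value can differ from what the user typed.
// NOTE(review): an empty password passes every check below.
session_unset();
$firstname = trim($_POST['firstname']);
$lastname = trim($_POST['lastname']);
$email = trim($_POST['email']);
$password = trim($_POST['password']);
$password2 = trim($_POST['password2']);
// Strict comparison: with `!=`, PHP compares numeric-looking strings by value,
// so different inputs such as "1e3" and "1000" were accepted as a match.
if ($password !== $password2) {
    redirect('index.html?regerror=' . urlencode('Passwords do not match'));
    exit;
}
$user = get_user_by_email($email);
if ($user) {
    // NOTE(review): this distinct message tells an anonymous visitor whether an
    // address is registered; decide whether that is acceptable here.
    redirect('index.html?regerror=' . urlencode('User already exists'));
    exit;
}
$validator = new EmailAddressValidator();
if (!$validator->check_email_address($email)) {
    redirect('index.html?regerror=' . urlencode('Invalid e-mail address'));
    exit;
}
$db = new DbConn();
$db->exec('INSERT INTO users (firstname, lastname, email, password) VALUES (?, ?, ?, ?)', $firstname, $lastname, $email, $password);
$newUser = get_user_by_email($email);
if (!$newUser) {
    redirect('index.html?regerror=' . urlencode('An unknown error occurred'));
    exit;
}
// NOTE(review): the session id is not regenerated when the user becomes
// authenticated; confirm session_regenerate_id() is called somewhere on this
// path to guard against session fixation.
$_SESSION['userid'] = $newUser->id;
redirect('page1.html');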
Ejemplo n.º 7
<?php

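session_start();
require_once 'common.inc';
// Mark the logged-in user's application as submitted and stamp the submit date.
//
// empty() instead of a bare index read: for a visitor without a session the
// original emitted an "undefined index" notice, and any notice output sent
// before redirect() can prevent the redirect header from being delivered.
if (empty($_SESSION['userid'])) {
    redirect('login.php?error=1');
    exit;
}
// NOTE(review): this state change runs on any request method and no CSRF token
// is checked in this script; confirm that protection exists elsewhere.
try {
    transition_user_to_state($_SESSION['userid'], STATUS_SUBMITTED);
    $db = new DbConn();
    $db->exec('update users set submitdate = ? where id = ?', date_create(), $_SESSION['userid']);
    echo "OK";
} catch (Exception $e) {
    header('Content-Type: text/plain', true, 500);
    // NOTE(review): the raw exception message goes to the client. If DbConn or
    // transition_user_to_state() can raise messages containing SQL or internal
    // details, log the message server-side and return a generic text instead.
    echo $e->getMessage();
}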
Ejemplo n.º 8
 /**
  * Submit the current user's application: move the user to STATUS_SUBMITTED,
  * stamp users.submitdate and show the success page.
  *
  * verify_draft() runs before any state change; what it rejects is not visible
  * here -- presumably applications that are not in draft state (confirm).
  */
 function submit()
 {
     $applicant = $this->user->get_current_user();
     $this->user->verify_draft($applicant);
     transition_user_to_state($applicant->id, STATUS_SUBMITTED);

     $conn = new DbConn();
     $conn->exec(
         'update users set submitdate = ? where id = ?',
         date_create(),
         $applicant->id
     );

     // The success page is rendered directly rather than via a redirect.
     $this->success();
 }
Ejemplo n.º 9
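 /**
  * Update a volunteer's arrival/departure dates and travel notes from the
  * posted form, log the change, and confirm the user when requested.
  *
  * @param mixed $userId Id of the user being edited (users.id).
  */
 function change_dates($userId)
 {
     $user = get_user($userId);
     if (!$user) {
         // Presumably show_error() ends the request here -- confirm.
         show_error('User not found', 404);
     }
     // NOTE(review): if _to_date() can return a non-object for unparseable
     // input, the format() calls below will fail; confirm its contract.
     $arrival = $this->_to_date($this->input->post('arrivaldate'));
     $departure = $this->_to_date($this->input->post('departuredate'));
     $travelnotes = $this->input->post('travelnotes');
     $confirmed = $this->input->post('datesconfirmed');
     $db = new DbConn();
     $db->exec('update users set arrivaldate = ?, departuredate = ?, travelnotes = ? where id = ?', $arrival, $departure, $travelnotes, (int) $userId);
     $arrival_str = $arrival->format('Y-m-d');
     // Format the departure date itself; the original formatted $arrival twice,
     // so the audit log recorded the arrival date as the departure date.
     $departure_str = $departure->format('Y-m-d');
     // The log text is cut to 255 bytes before it is stored as the event state.
     log_event(LOG_TRAVEL_INFO_UPDATE, $userId, substr("Arrive: {$arrival_str}\nDepart: {$departure_str}\nNotes: {$travelnotes}", 0, 255));
     if ($user->status == STATUS_ACCEPTED && $confirmed) {
         transition_user_to_state($userId, STATUS_CONFIRMED);
     }
     $this->session->set_flashdata('message', 'Changes saved successfully');
     redirect("admin/volunteers/show/{$userId}");
 }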
Ejemplo n.º 10
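/**
 * Render a mail template for a user, send it with its attachments, and record
 * the send in mails_sent.
 *
 * @param object $template Template version; this function reads ->recipient,
 *                         ->attachments, ->recurrence, ->templateid and ->id.
 * @param mixed  $user     User id, or an associative array of user fields.
 * @param mixed  $to       Optional explicit recipient; when set it overrides
 *                         the recipient selected by the template.
 * @throws RuntimeException When the temp directory or an attachment copy
 *                          cannot be created.
 */
function send_user_mail($template, $user, $to = NULL)
{
    $CI =& get_instance();
    $CI->load->library('email');
    $CI->load->library('admin');
    $volunteer_coordinator = $CI->admin->get_volunteer_coordinator();
    $mail_sender_name = $CI->config->item('mail_sender_name');
    $mail_sender_email = $CI->config->item('mail_sender_email');
    if (!is_array($user)) {
        $user = get_user_assoc($user);
    }
    if ($template->recipient == MAILRECIPIENT_ADMIN || $to) {
        $user['application_url'] = site_url('admin/volunteers/show/' . $user['id']);
    }
    $user['homepage_url'] = base_url();
    // The coordinator may be missing (it is tested before reply_to() below), so
    // it must not be dereferenced unconditionally here.
    $user['admin_email'] = $volunteer_coordinator ? $volunteer_coordinator->email : NULL;
    $user['admin_name'] = $volunteer_coordinator ? $volunteer_coordinator->name : NULL;
    $mail = render_mail($template, $user);
    $CI->email->initialize(array('mailtype' => 'html'));
    $CI->email->clear(TRUE);
    $CI->email->from($mail_sender_email, $mail_sender_name);
    if ($volunteer_coordinator) {
        $CI->email->reply_to($volunteer_coordinator->email, $volunteer_coordinator->name);
    }
    if ($to) {
        $CI->email->to($to);
    } elseif ($template->recipient == MAILRECIPIENT_APPLICANT) {
        $CI->email->to($user['email']);
    } elseif ($template->recipient == MAILRECIPIENT_ADMIN) {
        // get all admin e-mails (the admin library is already loaded above)
        $emails = $CI->admin->get_admin_emails();
        $CI->email->to(implode(', ', $emails));
    }
    $CI->email->subject($mail->subject);
    $CI->email->message($mail->html);
    $CI->email->set_alt_message($mail->plaintext);
    /* The filenames that the attachments use on disk are not
       human-readable--they have IDs, not the original filenames.
       To restore the original filenames we must create a temp
       directory structure and then copy the files to the temp
       dir, attach from there, send the file, then clean up the
       temp dir. */
    $tmp = tempnam(sys_get_temp_dir(), 'vteer_mail_');
    // mkdir() fails if the path reappeared after unlink(), so a raced name is
    // rejected rather than reused; 0700 keeps the staged copies private.
    if ($tmp === false || !unlink($tmp) || !mkdir($tmp, 0700)) {
        throw new RuntimeException("Failed to create temp dir");
    }
    try {
        while ($attachment = $template->attachments->next()) {
            $filedata = make_attachment_path($attachment->id);
            $subtmp = $tmp . DIRECTORY_SEPARATOR . $attachment->id;
            // The stored filename is user-supplied data. Reduce it to its final
            // path component so the copy can never land outside $subtmp.
            $safename = basename($attachment->filename);
            if ($safename === '' || $safename === '.' || $safename === '..') {
                throw new RuntimeException("Failed to attach file");
            }
            $filetmp = $subtmp . DIRECTORY_SEPARATOR . $safename;
            if (!mkdir($subtmp, 0700) || !copy($filedata, $filetmp)) {
                throw new RuntimeException("Failed to attach file");
            }
            $CI->email->attach($filetmp);
        }
        // NOTE(review): the result of send() is ignored, so a failed send is
        // still recorded in mails_sent below -- confirm this is intended.
        $CI->email->send();
        if ($template->recurrence) {
            schedule_mail($user['id'], $template->templateid, new DateTime($template->recurrence));
        }
        $db = new DbConn();
        $db->exec('insert into mails_sent (userid, templateverid, sent) values (?, ?, ?)', $user['id'], $template->id, date_create());
    } finally {
        // Remove the staged attachment copies on failure as well as on success.
        deltree($tmp);
    }
}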
Ejemplo n.º 11
<?php

require_once 'common.inc';
// Deliver every scheduled mail that is due (compared in UTC), record it in
// mails_sent and remove it from the queue. Rows whose template cannot be
// loaded are skipped and remain in mails_scheduled.
//
// NOTE(review): if send_user_mail() already writes its own mails_sent row, the
// insert below records the same send a second time -- confirm against the
// helper version this script is deployed with.
// NOTE(review): nothing in this script restricts who may run it; if it is
// reachable over HTTP, confirm that access is limited elsewhere.
$db = new DbConn();
$mails = $db->query('select * from mails_scheduled where due <= UTC_TIMESTAMP()');
while ($mail = $mails->next()) {
    $user_id = $mail->userid;
    $mail_id = $mail->mailid;
    $id = $mail->id;
    $template = get_mail_template($mail_id, false);
    if ($template) {
        send_user_mail($template, $user_id);
        $db->exec(
            'insert into mails_sent (userid, templateverid) values (?, ?)',
            $user_id,
            $template->id
        );
        $db->exec('delete from mails_scheduled where id = ?', $mail->id);
    }
}
Ejemplo n.º 12
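 /**
  * Store an uploaded mail attachment: insert its metadata row, move the file
  * to the path derived from the new row id, and render the confirmation view.
  *
  * NOTE(review): the stored type is the client-declared MIME type and is not
  * verified against the file contents; do not use it for trust decisions.
  * NOTE(review): filename and filetype are passed to the view as received;
  * confirm that the view HTML-escapes them.
  * NOTE(review): the metadata row is inserted before the file is moved, so a
  * failed move leaves a row without a file.
  */
 function upload()
 {
     // Guard against a request that carries no `file` part at all; the
     // original read the array keys unconditionally.
     $upload = isset($_FILES['file']) ? $_FILES['file'] : NULL;
     if ($upload === NULL || $upload['error'] !== UPLOAD_ERR_OK) {
         echo 'File upload failed';
         die($upload === NULL ? UPLOAD_ERR_NO_FILE : $upload['error']);
     }
     // The name comes from the client and is later reused to build a path when
     // the attachment is mailed. Keep only its final component as defence in
     // depth, rather than relying on it already being path-free.
     $filename = basename($upload['name']);
     $filetype = $upload['type'];
     $filesize = filesize($upload['tmp_name']);
     $db = new DbConn();
     $db->exec('insert into mail_attachments (filename, type, size) values (?, ?, ?)', $filename, $filetype, $filesize);
     $fileId = $db->last_insert_id();
     // The on-disk path is derived from the row id, not from the client name.
     $destfile = make_attachment_path($fileId);
     if (!move_uploaded_file($upload['tmp_name'], $destfile)) {
         die('Upload failed');
     }
     $this->load->view('admin/header');
     $this->load->view('admin/mail/uploaded', array('fileid' => $fileId, 'filename' => $filename, 'filesize' => $filesize, 'filetype' => $filetype));
     $this->load->view('admin/footer');
 }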
Ejemplo n.º 13
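/**
 * Merge a JSON object into the JSON document stored in users.data.
 *
 * Keys whose new value is null are removed from the stored document; every
 * other key is added or overwritten. Only top-level keys are merged.
 *
 * NOTE(review): every key in $jsonData is accepted. If the payload comes from
 * a request, the caller decides which keys a user may set -- confirm that an
 * allow-list exists where it matters.
 *
 * @param mixed  $userid   Id of the user whose data is updated (users.id).
 * @param string $jsonData JSON text that must decode to an object/array.
 * @throws RuntimeException When either document is not a JSON object/array,
 *                          the user is unknown, or re-encoding fails.
 */
function merge_data($userid, $jsonData)
{
    $newData = json_decode($jsonData, true);
    // Reject scalars as well as decode failures: valid JSON such as `5` or
    // `"x"` decodes to a non-array, which the merge loop cannot iterate.
    if (!is_array($newData)) {
        throw new RuntimeException("JSON decoding failed!");
    }
    $user = get_user($userid);
    if (!$user) {
        throw new RuntimeException("Unknown user {$userid}");
    }
    $oldJson = $user->data && strlen($user->data) > 0 ? $user->data : "{}";
    $oldData = json_decode($oldJson, true);
    if (!is_array($oldData)) {
        throw new RuntimeException("JSON decoding failed!");
    }
    foreach ($newData as $key => $val) {
        if (is_null($val)) {
            unset($oldData[$key]);
        } else {
            $oldData[$key] = $val;
        }
    }
    $mergedJson = json_encode($oldData);
    // json_encode() returns false on failure (for example invalid UTF-8);
    // writing that value would replace the user's stored document.
    if ($mergedJson === false) {
        throw new RuntimeException("JSON encoding failed!");
    }
    $db = new DbConn();
    $db->exec('UPDATE users SET data = ? WHERE id = ?', $mergedJson, $userid);
}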